
Are () illegal in http header names? #137

@michielbdejong


In ocm-stub I'm using a request-target header instead of (request-target) because node doesn't let me use () in http headers:

```
[...]
signature headers generated {
  '(request-target)': 'post /ocm/shares',
  'content-length': '542',
  host: 'localhost',
  date: 'Fri, 20 Sep 2024 09:05:15 GMT',
  digest: 'SHA-256=DTQncxcBMaUxEhdfX0IXLLLg2fel8Ga3O3oixL4wgvY=',
  signature: 'keyId="localhost",algorithm="rsa-sha256",headers="(request-target),content-length,host,date,digest",signature="DH6WPWMMommk4hBLzIUQZNiw8wAUaQUK17G2BOBelyCGmiixGupQDGt2g43Bcqgd62pJS+nf09C7douOzM+qn9e30L6x/gvIe8Ot11KQPJrDY5568ap9H+nZDWChZEFPSMDDRdZ1EILkholqymP4tLSNTRh5JBcud+nNg1rUunztsQl+c65noGYdjjVxg8tGwO4B/qHqxemUnSM5o1JtzDUVG1VgypHNYN7eca77126gt4CLpthqTHlQjatGVYK3ts4jz8ymDQxlQNKKJXU8IeV4eTbazXLsbmsmVXJ/7sBsVs2p+QS5ktXXHNn9LTadffPyo7MwvMPOcNrqma5irw=="',
  'content-type': 'application/json'
}
TypeError: (request-target) is not a legal HTTP header name
[...]
```

According to https://stackoverflow.com/questions/3561381/custom-http-headers-naming-conventions/3569667#3569667 the separators () are indeed illegal even though https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3 violates this. What are we to do here?
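In section 2.3 of draft-cavage-http-signatures-12, `(request-target)` names a line of the signing string and an entry in the `headers` parameter; its value is computed from the method and path, and it is not sent as a header field. The Node.js sketch below is an added example, not ocm-stub code or part of the original issue; the function names, key pair and request body are constructed for illustration.

```javascript
// Added example (not ocm-stub code): draft-cavage-12 signing in Node.
const crypto = require('node:crypto');
const http = require('node:http');
// Section 2.3 signing string. "(request-target)" is derived from the method
// and path; every other name is read from the real request headers.
function buildSigningString(method, path, headers, names) {
  return names.map((name) => {
    if (name === '(request-target)') return `${name}: ${method.toLowerCase()} ${path}`;
    if (headers[name] === undefined) throw new Error(`missing signed header: ${name}`);
    return `${name}: ${String(headers[name]).trim()}`;
  }).join('\n');
}

const sha256Digest = (body) => 'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');
// Returns the headers to put on the wire; the pseudo-header is never one of them.
function signRequest(method, path, headers, body, keyId, privateKey) {
  const wire = { ...headers, digest: sha256Digest(body),
    'content-length': String(Buffer.byteLength(body)) };
  // The draft's "headers" parameter is a space-separated list of names.
  const names = ['(request-target)', 'content-length', 'host', 'date', 'digest'];
  const sig = crypto.sign('sha256',
    Buffer.from(buildSigningString(method, path, wire, names)), privateKey);
  wire.signature = `keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="${names.join(' ')}",signature="${sig.toString('base64')}"`;
  Object.keys(wire).forEach((n) => http.validateHeaderName(n)); // throws on "(" or ")"
  return wire;
}

// Receiver side: rebuild the string from the request line and received headers.
function verifyRequest(method, path, wire, body, publicKey) {
  const p = Object.fromEntries(
    [...wire.signature.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  const names = (p.headers || '').split(' ');
  // Refuse signatures that do not bind the method/path or the body digest.
  if (!names.includes('(request-target)') || !names.includes('digest')) return false;
  if (wire.digest !== sha256Digest(body)) return false;
  return crypto.verify('sha256', Buffer.from(buildSigningString(method, path, wire, names)),
    publicKey, Buffer.from(p.signature, 'base64'));
}

// Constructed sample request and a throwaway key pair.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const body = JSON.stringify({ shareWith: 'constructed@example.org' });
  const headers = { host: 'localhost', date: 'Fri, 20 Sep 2024 09:05:15 GMT' };
  const wire = signRequest('POST', '/ocm/shares', headers, body, 'localhost', privateKey);
  const check = (p, b) => verifyRequest('POST', p, wire, b, publicKey);
  return { wire, ok: check('/ocm/shares', body), wrongPath: check('/ocm/other', body),
    wrongBody: check('/ocm/shares', body + ' ') };
}
```

The receiver takes the method and path from the request line, so a signature replayed against a different path or with a different body fails verification even though no `(request-target)` header ever crosses the wire.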
